Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page: platform/linux-generic/odp_ipsec_sad.c line 147 @@ -528,3 +532,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{
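Review bot: In _odp_ipsec_sa_replay_precheck, the left-hand side `seq + IPSEC_ANTIREPLAY_WS` has a uint32_t operand, so unless IPSEC_ANTIREPLAY_WS is defined as a 64-bit constant the addition wraps when seq is within the window size of 0xffffffff. The small wrapped value then compares as <= the stored sequence number and a fresh packet is flagged as a replay. Widening before the add, for example `(uint64_t)seq + IPSEC_ANTIREPLAY_WS`, avoids this. The precheck also writes `status->error.antireplay` on the failure path without checking the pointer, so a short comment stating that status must be non-NULL and what the 0 / -1 return values mean would help callers.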
Comment:
Not urgent, but at some point we should look at [RFC 6479](https://tools.ietf.org/html/rfc6479) to handle larger windows needed for large multi-core systems and to do this more efficiently.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> It seems inefficient to incur those two atomic loads on every call. How about:
> ```
> if (ipsec_sa->hard_limit_bytes > 0 &&
>     odp_atomic_load_u64(&ipsec_sa->bytes) > ipsec_sa->hard_limit_bytes) etc.
> ```

https://github.com/Linaro/odp/pull/243#discussion_r150422377
updated_at 2017-11-12 22:06:14